// Decided to publish this after some misgivings about disclosure. After telling Asher about it earlier, it was decided to disclose it to make people aware of the issue.
A week or two ago, I stumbled across an article about how these “Brainwallet” things were making your bitcoins “Deniable”, as no “wallet” exists except in your head.
How they work is quite simple: you take a passphrase, and that is to be the super secret key for your “wallet”. So long as you remember that passphrase, you can access the wallet.
This passphrase is hashed with SHA256 to form the private key for your wallet, so you can generate your privkey at will. The privkey is turned into a bitcoin address using the standard algorithm.
Now, so long as you know the private key, you own that wallet. So if you know the passphrase, you know the private key. This is essentially basing the private key on insecure (user supplied as opposed to random) data, normally a word or string of words (everyone sucks at passphrases).
Now, how do we go about attacking this. Well, think of it as the same as cracking peoples passwords.
You take a dictionary of likely looking passphrases, and hash ‘em with SHA-256 to make a bunch of private keys. You then convert them to wallet-import format using the Base58 encoding that Bitcoin uses, and pass the WIF string to bitcoind to import the wallet. If anyone was using that private key/passphrase, all their bitcoin now belongs to you.
Being a lovely person, I wrote up a proof of concept based on brainwallet.py (a brainwallet generator) that automatically does all this. My code is terrible, but it proves the point I was trying to make. A better written piece of code could import thousands of keys incredibly quickly, exhausting entire blocks of passphrase-keyspace.
The brainwallet.py implementation I hacked into the above can be gotten here: Brainwallet.py
The terrifying thing about this is, you are not only stealing “current” bitcoins, but also future ones. If anyone ever uses any of the passphrases you have “pwned”, you own their bitcoins.
So, tell your friends: Brainwallets are dumb.
p.s.: we now accept bitcoin if you ever feel like buying us a beer. 1MJ6KnLdXm82UjdDuvgjxDhngLjBMJfamV
NOTE: We do not encourage or approve of stealing peoples money. It is a bad idea.